[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1048

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ece3860a by Salvatore Bonaccorso at 2018-01-25T08:07:21+01:00
Add CVE-2018-1048

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13095,8 +13095,11 @@ CVE-2018-1049 [automount: access to automounted 
volumes can lock up]
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
NOTE: https://github.com/systemd/systemd/pull/5916
NOTE: 
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
-CVE-2018-1048
+CVE-2018-1048 [ALLOW_ENCODED_SLASH option not taken into account in the 
AjpRequestParser]
RESERVED
+   - undertow 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
+   TODO: check
 CVE-2018-1047 [Path traversal in ServletResourceManager class]
RESERVED
- undertow 
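Review bot: The added `TODO: check` at the end of the CVE-2018-1048 entry does not say what still has to be verified. State the open question next to it, and add an upstream reference alongside the Red Hat Bugzilla NOTE once one is known, so the entry can be closed without re-reading the bug.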



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ece3860adc5f59e12c824ae379346ed261962765

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1047

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d93f3f7 by Salvatore Bonaccorso at 2018-01-25T08:06:30+01:00
Add CVE-2018-1047

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13097,8 +13097,12 @@ CVE-2018-1049 [automount: access to automounted 
volumes can lock up]
NOTE: 
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
 CVE-2018-1048
RESERVED
-CVE-2018-1047
+CVE-2018-1047 [Path traversal in ServletResourceManager class]
RESERVED
+   - undertow 
+   NOTE: https://issues.jboss.org/browse/WFLY-9620
+   NOTE: https://developer.jboss.org/thread/276826
+   TODO: check, issue in undertow or WildFly?
 CVE-2018-1046
RESERVED
 CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...)
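Review bot: The added `- undertow` line in the CVE-2018-1047 entry assigns the package while the `TODO: check, issue in undertow or WildFly?` at the end of the same entry leaves exactly that question open, and both NOTE links are JBoss/WildFly references (WFLY-9620 and a developer.jboss.org thread). Either add a NOTE that the package assignment is provisional, or hold the package line until the TODO is resolved.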



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d93f3f797e1101da2e178aad5a4f1c18c720551


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6198/w3m

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06f4021f by Salvatore Bonaccorso at 2018-01-25T06:40:34+01:00
Add CVE-2018-6198/w3m

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-6198 [insecure temporary files creation when ~/.w3m is unwritable]
+   - w3m  (bug #888097; unimportant)
+   NOTE: 
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
+   NOTE: Neutralised by kernel hardening
 CVE-2018-6197 [segv in columnPos]
- w3m 
[stretch] - w3m  (Minor issue)
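Review bot: `NOTE: Neutralised by kernel hardening` in the CVE-2018-6198 entry does not name the hardening that the `unimportant` rating on the w3m line depends on. Name the specific kernel protection and whether it is enabled by default in the supported releases, so the rating can be re-checked for systems where it is switched off.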



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/06f4021fdfed7a0393abb492fcf46e229d04264c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6197/w3m

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f72ae8a3 by Salvatore Bonaccorso at 2018-01-25T06:31:55+01:00
Add CVE-2018-6197/w3m

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-6197 [segv in columnPos]
+   - w3m 
+   [stretch] - w3m  (Minor issue)
+   [jessie] - w3m  (Minor issue)
+   NOTE: https://github.com/tats/w3m/issues/89
+   NOTE: 
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
 CVE-2018-6196 [infinite recursion in HTMLlineproc0]
- w3m 
[stretch] - w3m  (Minor issue)
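Review bot: The `[stretch]` and `[jessie]` lines added for CVE-2018-6197 carry a `Minor issue` marking that the commit subject, `Add CVE-2018-6197/w3m`, does not mention. The CVE-2018-6196 commit uses `Add CVE-2018-6196/w3m, mark as no-dsa` for the same kind of change; use the same wording here so the triage decision is visible in the log.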



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f72ae8a3195285078a304e163f5b611263502d4c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6196/w3m, mark as no-dsa

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c5eef5e by Salvatore Bonaccorso at 2018-01-25T06:30:45+01:00
Add CVE-2018-6196/w3m, mark as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-6196 [infinite recursion in HTMLlineproc0]
+   - w3m 
+   [stretch] - w3m  (Minor issue)
+   [jessie] - w3m  (Minor issue)
+   NOTE: https://github.com/tats/w3m/issues/88
+   NOTE: 
https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
 CVE-2018-6189
RESERVED
 CVE-2018-6188
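Review bot: `Minor issue` on the added `[stretch]` and `[jessie]` lines for CVE-2018-6196 is given without a reason. A short NOTE saying why infinite recursion in HTMLlineproc0 is treated as minor would make the no-dsa decision reviewable later.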



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c5eef5eb67e33231e313697cf45093bcd5a628b


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-5683: Mark stretch as postponed

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c105dc5 by Salvatore Bonaccorso at 2018-01-25T06:18:38+01:00
CVE-2018-5683: Mark stretch as postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1272,8 +1272,8 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid 
memcpy call in the ...
TODO: check
 CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest 
privileged ...)
- qemu  (bug #887392)
+   [stretch] - qemu  (Minor issue, can be fixed along in future 
DSA)
[jessie] - qemu  (Minor issue, can be fixed along in future 
DSA)
-   [wheezy] - qemu  (Minor issue, can be fixed along in future 
DSA)
[wheezy] - qemu  (Minor issue, can be fixed along in next 
DLA)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue, can be fixed along in 
next DLA)
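Review bot: The removal of the `[wheezy] - qemu ... (Minor issue, can be fixed along in future DSA)` line is not mentioned in the subject, which only says `Mark stretch as postponed`. The removal looks right, since a `[wheezy] - qemu ... next DLA` line remains in the entry, but say so in the commit message so the cleanup is not mistaken for an accident.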



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c105dc59655bd389a554a20304908c79111df21


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new webkit issues

2018-01-24 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab6c38c0 by Moritz Muehlenhoff at 2018-01-25T03:12:03+01:00
new webkit issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4796,6 +4796,9 @@ CVE-2018-4097
RESERVED
 CVE-2018-4096
RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2018-4095
RESERVED
 CVE-2018-4094
@@ -4810,8 +4813,14 @@ CVE-2018-4090
RESERVED
 CVE-2018-4089
RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2018-4088
RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2018-4087
RESERVED
 CVE-2018-4086
@@ -25460,8 +25469,14 @@ CVE-2017-13886
RESERVED
 CVE-2017-13885
RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2017-13884
RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2017-13883 (An issue was discovered in certain Apple products. macOS 
before ...)
NOT-FOR-US: Apple
 CVE-2017-13882
@@ -46280,6 +46295,9 @@ CVE-2017-7166
RESERVED
 CVE-2017-7165
RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2017-7164
RESERVED
 CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before 
...)
@@ -46287,9 +46305,13 @@ CVE-2017-7163 (An issue was discovered in certain 
Apple products. macOS before .
 CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
NOT-FOR-US: Apple
 CVE-2017-7161
-   RESERVED
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
-   NOT-FOR-US: Apple
+   - webkit2gtk 2.18.6-1 (unimportant)
+   NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
+   NOTE: Not covered by security support
 CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before 
...)
NOT-FOR-US: Apple
 CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before 
...)
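Review bot: In the CVE-2017-7161 entry the `RESERVED` line is removed when the webkit2gtk lines are added, while the other hunks of this commit (CVE-2018-4096, CVE-2017-13885, CVE-2017-7165 and the rest) keep `RESERVED` above the new lines. Make the entries consistent. For CVE-2017-7160, which replaces `NOT-FOR-US: Apple` outright, the commit subject `new webkit issues` would be clearer if it named WSA-2018-0002 as the source of the reassignment.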



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab6c38c0fcb015644b3720f8efd8539d0f263719


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

2018-01-24 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01d67980 by Moritz Muehlenhoff at 2018-01-25T03:05:20+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10,7 +10,7 @@ CVE-2018-6186
 CVE-2018-6185
RESERVED
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the 
/_next ...)
-   TODO: check
+   NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183
RESERVED
 CVE-2018-6182
@@ -22,7 +22,7 @@ CVE-2018-6180
 CVE-2018-117
RESERVED
 CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path 
Service ...)
-   TODO: check
+   NOT-FOR-US: FreeSSHd
 CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles 
freeing ...)
- linux 4.14.13-1
[jessie] - linux  (Vulnerable code not present)
@@ -373,9 +373,9 @@ CVE-2018-6020
 CVE-2018-6019
RESERVED
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder 
Android ...)
-   TODO: check
+   NOT-FOR-US: Tinder
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder 
...)
-   TODO: check
+   NOT-FOR-US: Tinder
 CVE-2018-6016
RESERVED
 CVE-2018-6015
@@ -503,15 +503,15 @@ CVE-2018-5990
 CVE-2018-5989
RESERVED
 CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter 
to ...)
-   TODO: check
+   NOT-FOR-US: Flexible Poll
 CVE-2018-5987
RESERVED
 CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or 
s_row ...)
-   TODO: check
+   NOT-FOR-US: Easy Car Script
 CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component 
for ...)
-   TODO: check
+   NOT-FOR-US: LiveCRM SaaS Cloud
 CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 
2.1 ...)
-   TODO: check
+   NOT-FOR-US: Tumder
 CVE-2018-5983
RESERVED
 CVE-2018-5982
@@ -521,13 +521,13 @@ CVE-2018-5981
 CVE-2018-5980
RESERVED
 CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat 
Script 1.5 ...)
-   TODO: check
+   NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
 CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 
via the ...)
-   TODO: check
+   NOT-FOR-US: Facebook Style Php Ajax Chat Zechat
 CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop 
Management System ...)
-   TODO: check
+   NOT-FOR-US: Affiligator Affiliate Webshop Management System
 CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation 
Online 1.0 ...)
-   TODO: check
+   NOT-FOR-US: RSVP Invitation Online
 CVE-2018-5975
RESERVED
 CVE-2018-5974
@@ -535,13 +535,13 @@ CVE-2018-5974
 CVE-2018-5973
RESERVED
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
-   TODO: check
+   NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
RESERVED
 CVE-2018-5970
RESERVED
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
-   TODO: check
+   NOT-FOR-US: Photography CMS
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
- jackson-databind  (bug #888316)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
@@ -571,7 +571,7 @@ CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver 
file (zef.sys) allows
 CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User 
controlled ...)
-   TODO: check
+   NOT-FOR-US: GitStack
 CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows 
remote FTP ...)
NOT-FOR-US: LabF nfsAxe
 CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 
12.02-01121 ...)
@@ -950,9 +950,9 @@ CVE-2018-5780
 CVE-2018-5779
RESERVED
 CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 
Plus SP1 ...)
-   TODO: check
+   NOT-FOR-US: Ipswitch WhatsUp Gold
 CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 
Plus SP1 ...)
-   TODO: check
+   NOT-FOR-US: Ipswitch WhatsUp Gold
 CVE-2018-5775
RESERVED
 CVE-2018-5774
@@ -1070,7 +1070,7 @@ CVE-2017-18033 (The Jira-importers-plugin in Atlassian 
Jira before version 7.6.1
 CVE-2018-5750
RESERVED
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit 
c1cd164 and ...)
-   TODO: check
+   NOT-FOR-US: Minecraft Servers List Lite
 CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method]
RESERVED
- libvirt 4.0.0-1 (bug #887700)
@@ -1194,7 +1194,7 @@ CVE-2018-5707
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] firefox DSA

2018-01-24 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f8d4981 by Moritz Muehlenhoff at 2018-01-25T02:57:48+01:00
firefox DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[25 Jan 2018] DSA-4096-1 firefox-esr - security update
+   {CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 
CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 
CVE-2018-5117}
+   [jessie] - firefox-esr 52.6.0esr-1~deb8u1
+   [stretch] - firefox-esr 52.6.0esr-1~deb9u1
 [24 Jan 2018] DSA-4095-1 gcab - security update
{CVE-2018-5345}
[stretch] - gcab 0.7-2+deb9u1


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,8 +18,6 @@ chromium-browser/stable
 --
 curl (ghedo)
 --
-firefox-esr (jmm)
---
 graphicsmagick
 --
 imagemagick/oldstable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f8d498188fa7e3c1321267c002f3d66ac23e665


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: nvidia spu

2018-01-24 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8603ec68 by Moritz Muehlenhoff at 2018-01-25T01:42:48+01:00
nvidia spu

- - - - -
fff0d56f by Moritz Muehlenhoff at 2018-01-25T01:43:09+01:00
qemu postponed

- - - - -
8a682689 by Moritz Muehlenhoff at 2018-01-25T01:43:18+01:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1272,6 +1272,8 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid 
memcpy call in the ...
TODO: check
 CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest 
privileged ...)
- qemu  (bug #887392)
+   [jessie] - qemu  (Minor issue, can be fixed along in future 
DSA)
+   [wheezy] - qemu  (Minor issue, can be fixed along in future 
DSA)
[wheezy] - qemu  (Minor issue, can be fixed along in next 
DLA)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue, can be fixed along in 
next DLA)
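Review bot: The added `[wheezy] - qemu ... future DSA` line duplicates the existing `[wheezy] - qemu ... next DLA` line directly below it, so CVE-2018-5683 ends up with two wheezy entries for the same package with different reasons. Drop the added wheezy line and keep the DLA wording.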
@@ -17370,8 +17372,8 @@ CVE-2017-16660 (Cacti 1.1.27 allows remote 
authenticated administrators to condu
NOTE: affected code was introduced in the 1.x release
 CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated 
administrators ...)
- cacti 1.1.27+ds1-3 (bug #881110)
-   [stretch] - cacti  (Minor issue, due to CVE-2009-4112 does not 
make sense to isolately fix unless CVE-2009-4112 adressed upstream)
-   [jessie] - cacti  (Minor issue, due to CVE-2009-4112 does not 
make sense to isolately fix unless CVE-2009-4112 adressed upstream)
+   [stretch] - cacti  (Minor issue, due to CVE-2009-4112 does not 
make sense to isolately fix unless CVE-2009-4112 adressed upstream)
+   [jessie] - cacti  (Minor issue, due to CVE-2009-4112 does not 
make sense to isolately fix unless CVE-2009-4112 adressed upstream)
[wheezy] - cacti  (Minor issue, due to CVE-2009-4112 does not 
make sense to isolately fix unless CVE-2009-4112 adressed upstream)
NOTE: https://github.com/Cacti/cacti/issues/1057
NOTE: 
https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
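Review bot: The `[stretch]` and `[jessie]` cacti lines changed under CVE-2017-16641 are not covered by any of the three commit subjects (`nvidia spu`, `qemu postponed`, the merge), and as shown here the removed and added lines read the same. Mention the cacti change in a commit message, and while the reason text is being touched, fix `adressed` to `addressed`.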


=
data/next-point-update.txt
=
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -67,3 +67,9 @@ CVE-2017-14695
[stretch] - salt 2016.11.2+ds-1+deb9u1
 CVE-2017-14696
[stretch] - salt 2016.11.2+ds-1+deb9u1
+CVE-2017-5753
+   [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
+CVE-2017-5754
+   [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
+CVE-2017-5715
+   [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5198ff971f348bcd3607fb73fe5e863b1298123a...8a68268922de8d13c43efbe0599677d51773b46d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1256-1 for firefox-esr

2018-01-24 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5198ff97 by Emilio Pozuelo Monfort at 2018-01-25T00:15:46+01:00
Reserve DLA-1256-1 for firefox-esr

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[25 Jan 2018] DLA-1256-1 firefox-esr - security update
+   {CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 
CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 
CVE-2018-5117}
+   [wheezy] - firefox-esr 52.6.0esr-1~deb7u1
 [21 Jan 2018] DLA-1255-1 bind9 - security update
{CVE-2017-3145}
[wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u19


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -15,8 +15,6 @@ curl (Thorsten Alteholz)
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
 --
-firefox-esr (Emilio Pozuelo)
---
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5198ff971f348bcd3607fb73fe5e863b1298123a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-17485

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f3c7c714 by Salvatore Bonaccorso at 2018-01-24T23:13:30+01:00
Add bug reference for CVE-2017-17485

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12152,10 +12152,9 @@ CVE-2017-17487
 CVE-2017-17486
RESERVED
 CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 
2.9.3 ...)
-   - jackson-databind 
+   - jackson-databind  (bug #888318)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
-   TODO: check
 CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International 
...)
[experimental] - icu 60.2-1
- icu 
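Review bot: The removal of `TODO: check` from the CVE-2017-17485 entry is not covered by the subject `Add bug reference for CVE-2017-17485`. If filing bug #888318 completed the triage, say so in the commit message; otherwise keep the TODO.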



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3c7c714558cc74568be565c816f21cb10968252


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-5968

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3731c056 by Salvatore Bonaccorso at 2018-01-24T23:11:49+01:00
Add bug reference for CVE-2018-5968

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -543,7 +543,7 @@ CVE-2018-5970
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
TODO: check
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
-   - jackson-databind 
+   - jackson-databind  (bug #888316)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
 CVE-2018-5967



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3731c0569255783a04df948b4ab1c2ed5ed164f6


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Move CVE-2017-17485 back to unfixed

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
335db9f3 by Salvatore Bonaccorso at 2018-01-24T23:07:41+01:00
Move CVE-2017-17485 back to unfixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12152,8 +12152,10 @@ CVE-2017-17487
 CVE-2017-17486
RESERVED
 CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 
2.9.3 ...)
-   - jackson-databind  (Specific incomplete fixes for some 
Red Hat packages)
+   - jackson-databind 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
+   TODO: check
 CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International 
...)
[experimental] - icu 60.2-1
- icu 
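Review bot: The reason removed from the jackson-databind line, `(Specific incomplete fixes for some Red Hat packages)`, is dropped without a record of why it no longer holds. Add a NOTE, or a sentence in the commit message, stating what showed the earlier assessment to be wrong, next to the new `TODO: check`.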



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/335db9f368019cd522b4e6c72937d2dbda49f8d9


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-5968/jackson-databind

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a172615 by Salvatore Bonaccorso at 2018-01-24T22:46:57+01:00
Add CVE-2018-5968/jackson-databind

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -543,7 +543,9 @@ CVE-2018-5970
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
TODO: check
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
-   TODO: check
+   - jackson-databind 
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
+   NOTE: 
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
 CVE-2018-5967
RESERVED
 CVE-2018-5966



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a172615d05f4af813da1041f0a9a8e7ccd1e0ce


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6187/mupdf

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
88ce93bf by Salvatore Bonaccorso at 2018-01-24T22:45:14+01:00
Add CVE-2018-6187/mupdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,8 @@ CVE-2018-6189
 CVE-2018-6188
RESERVED
 CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow 
...)
-   TODO: check
+   - mupdf 
+   NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
 CVE-2018-6186
RESERVED
 CVE-2018-6185



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/88ce93bf7b6aa0aee763d89d47df387e7c7c7ed9


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-5996, #888314

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0d23dde7 by Salvatore Bonaccorso at 2018-01-24T22:41:08+01:00
Add bug reference for CVE-2018-5996, #888314

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -485,7 +485,7 @@ CVE-2018-107 [HTTP authentication leak in redirects]
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
 CVE-2018-5996 [Memory Corruptions via RAR PPMd]
RESERVED
-   - p7zip-rar 
+   - p7zip-rar  (bug #888314)
NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-5995
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d23dde702f5b22fbb39b1dc7a199f8ef8f89edc


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Correct source package name for CVE-2018-5996, it's in the non-free p7zip-rar instead

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f27b6ab by Salvatore Bonaccorso at 2018-01-24T22:35:57+01:00
Correct source package name for CVE-2018-5996, it's in the non-free 
p7zip-rar instead

There was created only one bug #888297 for both CVEs, but those CVEs one
affect p7zip (possibly, untriaged if the versions in Debian are
affected) and p7zip-rar in non-free (as well only possibly affected;
untriaged).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -485,9 +485,8 @@ CVE-2018-107 [HTTP authentication leak in redirects]
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
 CVE-2018-5996 [Memory Corruptions via RAR PPMd]
RESERVED
-   - p7zip  (bug #888297)
+   - p7zip-rar 
NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
-   TODO: check
 CVE-2018-5995
RESERVED
 CVE-2018-5994
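
Review bot: The removal of `TODO: check` under CVE-2018-5996 drops the only triage marker on the entry, while the commit message says p7zip-rar is "only possibly affected; untriaged". Keep `TODO: check` until the non-free package has actually been checked. The same edit also removes `(bug #888297)` without a replacement, so the entry has no bug reference at this point; a NOTE naming #888297 as the p7zip bug would explain why it went away.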



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f27b6ab1aa86eb6f1b63c058ccacf3e5c9a9e9e


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add two CVEs for p7zip

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c299988 by Salvatore Bonaccorso at 2018-01-24T22:29:54+01:00
Add two CVEs for p7zip

It is unclear if those affect p7zip, not triaged yet. In particular
CVE-2018-5996 might be not-affected and the code.

Cf. 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/#fn:2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -483,8 +483,11 @@ CVE-2018-107 [HTTP authentication leak in redirects]
- curl 7.58.0-1
NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
-CVE-2018-5996
+CVE-2018-5996 [Memory Corruptions via RAR PPMd]
RESERVED
+   - p7zip  (bug #888297)
+   NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
+   TODO: check
 CVE-2018-5995
RESERVED
 CVE-2018-5994
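
Review bot: The doubt about CVE-2018-5996 is recorded only in the commit message, not in the entry: the added lines file it under `p7zip` with bug #888297 and a bare `TODO: check`. Say what needs checking in the entry itself, for example a NOTE pointing at the `#fn:2` footnote of the landave.io post that the commit message cites, so whoever picks up the TODO does not have to find this commit first.
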
@@ -5833,8 +5836,10 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in 
GitLab Projects Import]
NOTE: 
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow 
remote ...)
NOT-FOR-US: Muviko
-CVE-2017-17969
+CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow]
RESERVED
+   - p7zip  (bug #888297)
+   NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-3709
RESERVED
 CVE-2018-3708
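
Review bot: CVE-2017-17969 is added without `TODO: check`, unlike CVE-2018-5996 in the previous hunk, although the commit message says neither CVE has been triaged for p7zip. Add the same marker here so the entry does not read as a confirmed p7zip issue.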



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c299988069bbe81a05389971b40b3da775ffcb7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process one NFU

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5934241 by Salvatore Bonaccorso at 2018-01-24T22:20:16+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -62065,7 +62065,7 @@ CVE-2017-1771
 CVE-2017-1770
RESERVED
 CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site 
request ...)
-   TODO: check
+   NOT-FOR-US: IBM Business Process Manager
 CVE-2017-1768
RESERVED
 CVE-2017-1767



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c59342417da1edfdeb6e95d8f54b1e8f303f58d1


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18075/linux

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5cb7438b by Salvatore Bonaccorso at 2018-01-24T22:12:52+01:00
Add CVE-2017-18075/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23,7 +23,10 @@ CVE-2018-117
 CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path 
Service ...)
TODO: check
 CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles 
freeing ...)
-   TODO: check
+   - linux 4.14.13-1
+   [jessie] - linux  (Vulnerable code not present)
+   [wheezy] - linux  (Vulnerable code not present)
+   NOTE: Fixed by: 
https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68
 CVE-2018-118 (An information disclosure in ovirt-hosted-engine-setup prior 
to 2.2.7 ...)
NOT-FOR-US: ovirt-engine
 CVE-2018-6179
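
Review bot: The two `(Vulnerable code not present)` lines for jessie and wheezy give no reference for when the affected code in crypto/pcrypt.c was introduced. The entry names the fixing commit in `NOTE: Fixed by:`; a matching NOTE with the introducing commit or kernel version would let a reader verify the claim for the older kernels.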



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cb7438b235a1ceab1e30dad2b8844fe2be0e838


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3369e6e6 by security tracker role at 2018-01-24T21:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,6 +1,30 @@
-CVE-2017-18075
+CVE-2018-6189
RESERVED
-CVE-2018-118
+CVE-2018-6188
+   RESERVED
+CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow 
...)
+   TODO: check
+CVE-2018-6186
+   RESERVED
+CVE-2018-6185
+   RESERVED
+CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the 
/_next ...)
+   TODO: check
+CVE-2018-6183
+   RESERVED
+CVE-2018-6182
+   RESERVED
+CVE-2018-6181
+   RESERVED
+CVE-2018-6180
+   RESERVED
+CVE-2018-117
+   RESERVED
+CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path 
Service ...)
+   TODO: check
+CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles 
freeing ...)
+   TODO: check
+CVE-2018-118 (An information disclosure in ovirt-hosted-engine-setup prior 
to 2.2.7 ...)
NOT-FOR-US: ovirt-engine
 CVE-2018-6179
RESERVED
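
Review bot: `CVE-2018-117` and `CVE-2018-118` in the added lines are not well-formed CVE IDs as shown: the sequence part of a CVE ID has at least four digits. Check both against the upstream list before relying on them; the same three-digit form appears for CVE-2018-103 and CVE-2018-101 in later hunks.
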
@@ -344,10 +368,10 @@ CVE-2018-6020
RESERVED
 CVE-2018-6019
RESERVED
-CVE-2018-6018
-   RESERVED
-CVE-2018-6017
-   RESERVED
+CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder 
Android ...)
+   TODO: check
+CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder 
...)
+   TODO: check
 CVE-2018-6016
RESERVED
 CVE-2018-6015
@@ -472,16 +496,16 @@ CVE-2018-5990
RESERVED
 CVE-2018-5989
RESERVED
-CVE-2018-5988
-   RESERVED
+CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter 
to ...)
+   TODO: check
 CVE-2018-5987
RESERVED
-CVE-2018-5986
-   RESERVED
-CVE-2018-5985
-   RESERVED
-CVE-2018-5984
-   RESERVED
+CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or 
s_row ...)
+   TODO: check
+CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component 
for ...)
+   TODO: check
+CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 
2.1 ...)
+   TODO: check
 CVE-2018-5983
RESERVED
 CVE-2018-5982
@@ -490,28 +514,28 @@ CVE-2018-5981
RESERVED
 CVE-2018-5980
RESERVED
-CVE-2018-5979
-   RESERVED
-CVE-2018-5978
-   RESERVED
-CVE-2018-5977
-   RESERVED
-CVE-2018-5976
-   RESERVED
+CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat 
Script 1.5 ...)
+   TODO: check
+CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 
via the ...)
+   TODO: check
+CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop 
Management System ...)
+   TODO: check
+CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation 
Online 1.0 ...)
+   TODO: check
 CVE-2018-5975
RESERVED
 CVE-2018-5974
RESERVED
 CVE-2018-5973
RESERVED
-CVE-2018-5972
-   RESERVED
+CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
+   TODO: check
 CVE-2018-5971
RESERVED
 CVE-2018-5970
RESERVED
-CVE-2018-5969
-   RESERVED
+CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
+   TODO: check
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
TODO: check
 CVE-2018-5967
@@ -917,10 +941,10 @@ CVE-2018-5780
RESERVED
 CVE-2018-5779
RESERVED
-CVE-2018-5778
-   RESERVED
-CVE-2018-5777
-   RESERVED
+CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 
Plus SP1 ...)
+   TODO: check
+CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 
Plus SP1 ...)
+   TODO: check
 CVE-2018-5775
RESERVED
 CVE-2018-5774
@@ -1161,8 +1185,8 @@ CVE-2018-5707
RESERVED
 CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any 
user with ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-5705
-   RESERVED
+CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The 
affected ...)
+   TODO: check
 CVE-2018-103 (Improper input validation bugs in DNSSEC validators 
components in ...)
- pdns-recursor 4.1.1-1
[stretch] - pdns-recursor  (Only affects 4.1)
@@ -1987,6 +2011,7 @@ CVE-2018-101 [Libc Realpath Buffer Underflow]
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 
can be ...)
+   {DSA-4095-1}
- gcab 0.7-7 (bug #887776)
   

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA number for gcab update

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d48ea318 by Salvatore Bonaccorso at 2018-01-24T21:14:46+01:00
Reserve DSA number for gcab update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[24 Jan 2018] DSA-4095-1 gcab - security update
+   {CVE-2018-5345}
+   [stretch] - gcab 0.7-2+deb9u1
 [22 Jan 2018] DSA-4094-1 smarty3 - security update
{CVE-2017-1000480}
[jessie] - smarty3 3.1.21-1+deb8u1
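
Review bot: The new DSA-4095-1 entry lists a fixed version for `[stretch]` only, while the DSA-4094-1 entry below it lists `[jessie]`. If jessie ships gcab, the CVE-2018-5345 entry should state why no jessie version appears here (not affected, or handled separately).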


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -20,8 +20,6 @@ curl (ghedo)
 --
 firefox-esr (jmm)
 --
-gcab (carnil)
---
 graphicsmagick
 --
 imagemagick/oldstable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d48ea318105b7dd9fb70d008fa733a7f462a01b8


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim 3 LTS frontdesk weeks

2018-01-24 Thread Antoine Beaupré
Antoine Beaupré pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14dd6cfd by Antoine Beaupré at 2018-01-24T12:02:33-05:00
claim 3 LTS frontdesk weeks

- - - - -


1 changed file:

- org/lts-frontdesk.2018.txt


Changes:

=
org/lts-frontdesk.2018.txt
=
--- a/org/lts-frontdesk.2018.txt
+++ b/org/lts-frontdesk.2018.txt
@@ -19,20 +19,20 @@ From 29-01 to 04-02:Ola Lundqvist 
 From 05-02 to 11-02:Markus Koschany 
 From 12-02 to 18-02:Guido Günther 
 From 19-02 to 25-02:Chris Lamb 
-From 26-02 to 04-03:
+From 26-02 to 04-03:Antoine Beaupré 
 From 05-03 to 11-03:Chris Lamb 
 From 12-03 to 18-03:Thorsten Alteholz 
 From 19-03 to 25-03:Markus Koschany 
 From 26-03 to 01-04:Ola Lundqvist 
 From 02-04 to 08-04:Chris Lamb 
-From 09-04 to 15-04:
+From 09-04 to 15-04:Antoine Beaupré 
 From 16-04 to 22-04:Markus Koschany 
 From 23-04 to 29-04:Thorsten Alteholz 
 From 30-04 to 06-05:Guido Günther 
 From 07-05 to 13-05:Ola Lundqvist 
 From 14-05 to 20-05:Chris Lamb 
 From 21-05 to 27-05:Markus Koschany 
-From 28-05 to 03-06:
+From 28-05 to 03-06:Antoine Beaupré 
 From 04-06 to 10-06:Chris Lamb 
 From 11-06 to 17-06:Thorsten Alteholz 
 From 18-06 to 24-06:Markus Koschany 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14dd6cfd238209ef47194688a0529b684dbc56f7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark packages EOL

2018-01-24 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1039d2b9 by Thorsten Alteholz at 2018-01-24T16:07:07+01:00
mark packages EOL

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -430,6 +430,7 @@ CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload 
arbitrary files, which 
NOT-FOR-US: Monstra CMS
 CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID 
comparison logic ...)
- matrixssl 
+   [wheezy] - matrixssl  (not supported in Wheezy)
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser 
resulting ...)
NOT-FOR-US: axTLS
 CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function 
in ...)
@@ -50339,6 +50340,7 @@ CVE-2017-5754 (Systems with microprocessors utilizing 
speculative execution and 
- nvidia-graphics-drivers 384.111-1 (bug #886852)
[stretch] - nvidia-graphics-drivers  (Non-free not supported)
[jessie] - nvidia-graphics-drivers  (Non-free not supported)
+   [wheezy] - nvidia-graphics-drivers  (Non-free not 
supported)
- nvidia-graphics-drivers-legacy-340xx 340.106-1
[stretch] - nvidia-graphics-drivers-legacy-340xx  (Non-free not 
supported)
- nvidia-graphics-drivers-legacy-304xx 
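
Review bot: The `[wheezy]` line is added for `nvidia-graphics-drivers` only; `nvidia-graphics-drivers-legacy-340xx` directly below has just a `[stretch]` line and `nvidia-graphics-drivers-legacy-304xx` has none in the visible context. If wheezy ships either legacy package, mark it the same way in this commit. This applies equally to the CVE-2017-5753 and CVE-2017-5715 hunks that follow.
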
@@ -50355,6 +50357,7 @@ CVE-2017-5753 (Systems with microprocessors utilizing 
speculative execution and 
- nvidia-graphics-drivers 384.111-1 (bug #886852)
[stretch] - nvidia-graphics-drivers  (Non-free not supported)
[jessie] - nvidia-graphics-drivers  (Non-free not supported)
+   [wheezy] - nvidia-graphics-drivers  (Non-free not 
supported)
- nvidia-graphics-drivers-legacy-340xx 340.106-1
[stretch] - nvidia-graphics-drivers-legacy-340xx  (Non-free not 
supported)
- nvidia-graphics-drivers-legacy-304xx 
@@ -50462,6 +50465,7 @@ CVE-2017-5715 (Systems with microprocessors utilizing 
speculative execution and 
- nvidia-graphics-drivers 384.111-1 (bug #886852)
[stretch] - nvidia-graphics-drivers  (Non-free not supported)
[jessie] - nvidia-graphics-drivers  (Non-free not supported)
+   [wheezy] - nvidia-graphics-drivers  (Non-free not 
supported)
- nvidia-graphics-drivers-legacy-340xx 340.106-1
[stretch] - nvidia-graphics-drivers-legacy-340xx  (Non-free not 
supported)
- nvidia-graphics-drivers-legacy-304xx 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1039d2b98eda8819c21f9ea5ed64f5b61730d8f6


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim curl

2018-01-24 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ba29f98 by Thorsten Alteholz at 2018-01-24T15:20:25+01:00
claim curl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,7 +10,7 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-curl
+curl (Thorsten Alteholz)
 --
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ba29f98e425c28fd20a503783e409abc15f9cad


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add curl to dla-needed.txt

2018-01-24 Thread Abhijith PA
Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d438f248 by Abhijith PA at 2018-01-24T19:34:10+05:30
add curl to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,6 +10,8 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+curl
+--
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d438f2480903dc5e4aa7719197b62d200e5a2991


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two curl issues fixed in unstable with new upstream version

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cffd5bd1 by Salvatore Bonaccorso at 2018-01-24T13:45:52+01:00
Two curl issues fixed in unstable with new upstream version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -452,7 +452,7 @@ CVE-2018-5997
RESERVED
 CVE-2018-107 [HTTP authentication leak in redirects]
RESERVED
-   - curl 
+   - curl 7.58.0-1
NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
 CVE-2018-5996
@@ -1084,7 +1084,7 @@ CVE-2018-5732
RESERVED
 CVE-2018-105 [HTTP/2 trailer out-of-bounds read]
RESERVED
-   - curl 
+   - curl 7.58.0-1
[jessie] - curl  (Vulnerable code introduce later)
[wheezy] - curl  (Vulnerable code introduce later)
NOTE: https://github.com/curl/curl/pull/2231
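
Review bot: The jessie and wheezy reasons in the context of this hunk read `Vulnerable code introduce later`. Since the commit edits the line directly above them, fix the wording to `introduced` in the same change.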



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd5bd1a8f9958994488838ab300f86237aa105


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-0486 as no-dsa for stretch

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70c634d8 by Salvatore Bonaccorso at 2018-01-24T13:43:58+01:00
Mark CVE-2018-0486 as no-dsa for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14978,7 +14978,7 @@ CVE-2018-0487
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth 
Service ...)
{DSA-4085-1 DLA-1242-1}
- xmltooling 1.6.3-1
-   [stretch] - xmltooling  (Xerces is configured to disallow 
DTD use)
+   [stretch] - xmltooling  (Xerces is configured to disallow DTD 
use)
NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if 
parser already
NOTE: disallow DTD use.
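
Review bot: The removed and added `[stretch] - xmltooling` lines read the same as shown here, differing only in where the line wraps, so the `no-dsa` status named in the commit subject is not visible in the change. It is also worth a NOTE on how a no-dsa marking for stretch fits with the `{DSA-4085-1 DLA-1242-1}` tag on the same entry, since a reader may otherwise assume the DSA covered stretch.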



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70c634d85e6abd4232b882ac7bc0c2c178b96057


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15718/hadoop

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
724a0139 by Salvatore Bonaccorso at 2018-01-24T12:26:45+01:00
Add CVE-2017-15718/hadoop

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19944,6 +19944,7 @@ CVE-2017-15719
RESERVED
 CVE-2017-15718
RESERVED
+   - hadoop  (bug #793644)
 CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
NOT-FOR-US: Apache Sling
 CVE-2017-15716
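
Review bot: The `hadoop` line is added to CVE-2017-15718 while the entry is still `RESERVED` and has neither a bracketed description nor a NOTE with a source. Other entries added in this state in the same list, such as CVE-2018-5996, carry both; add at least a reference for where the hadoop attribution comes from.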



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/724a0139ceee4f67296663106095d107587a5d2f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] firefox-esr fixed in unstable

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2f209f8 by Salvatore Bonaccorso at 2018-01-24T10:41:52+01:00
firefox-esr fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2537,7 +2537,7 @@ CVE-2018-5118
 CVE-2018-5117
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
 CVE-2018-5116
@@ -2591,19 +2591,19 @@ CVE-2018-5105
 CVE-2018-5104
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
 CVE-2018-5103
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
 CVE-2018-5102
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
 CVE-2018-5101
@@ -2617,29 +2617,29 @@ CVE-2018-5100
 CVE-2018-5099
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
 CVE-2018-5098
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
 CVE-2018-5097
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
 CVE-2018-5096
RESERVED
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
 CVE-2018-5095
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
- skia  (bug #818180)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
@@ -2658,7 +2658,7 @@ CVE-2018-5092
 CVE-2018-5091
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091
 CVE-2018-5090
@@ -2668,7 +2668,7 @@ CVE-2018-5090
 CVE-2018-5089
RESERVED
- firefox 58.0-1
-   - firefox-esr 
+   - firefox-esr 52.6.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089
 CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) 
allows local ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2f209f8a0e67e70e5e71646b4ffb550aae7c728


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Firefox issues fixed in unstable

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7c8d74b by Salvatore Bonaccorso at 2018-01-24T10:39:30+01:00
Firefox issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2518,7 +2518,7 @@ CVE-2018-5123
RESERVED
 CVE-2018-5122
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122
 CVE-2018-5121
RESERVED
@@ -2528,41 +2528,41 @@ CVE-2018-5120
RESERVED
 CVE-2018-5119
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119
 CVE-2018-5118
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
 CVE-2018-5117
RESERVED
-   - firefox 
+   - firefox 58.0-1
- firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
 CVE-2018-5116
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116
 CVE-2018-5115
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115
 CVE-2018-5114
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114
 CVE-2018-5113
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113
 CVE-2018-5112
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
 CVE-2018-5111
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111
 CVE-2018-5110
RESERVED
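
Review bot: Every `- firefox` line in this range moves to 58.0-1 except the one for CVE-2018-5110: its header and `RESERVED` line close this hunk, its NOTE opens the next one, and the single line between them (old line 2569) is left unchanged. Confirm that is deliberate, and if that CVE does not apply to the Debian package, that the entry says why.
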
@@ -2570,65 +2570,65 @@ CVE-2018-5110
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110
 CVE-2018-5109
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
 CVE-2018-5108
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108
 CVE-2018-5107
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
 CVE-2018-5106
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
 CVE-2018-5105
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
 CVE-2018-5104
RESERVED
-   - firefox 
+   - firefox 58.0-1
- firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
 CVE-2018-5103
RESERVED
-   - firefox 
+   - firefox 58.0-1
- firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
 CVE-2018-5102
RESERVED
-   - firefox 
+   - firefox 58.0-1
- firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
 CVE-2018-5101
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101
 CVE-2018-5100
RESERVED
-   - firefox 
+   - firefox 58.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
 CVE-2018-5099
RESERVED
-   - firefox 
+   - firefox 58.0-1
- firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
 CVE-2018-5098
RESERVED
-   - firefox 
+   - firefox 58.0-1
- firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
NOTE: 
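Review bot: The "- firefox-esr" lines under CVE-2018-5104, CVE-2018-5103, CVE-2018-5102, CVE-2018-5099 and CVE-2018-5098 are still left without a fixed version, while the "- firefox" lines above them now carry 58.0-1. Each of those entries also cites mfsa2018-03, so they are only half resolved by this change. A follow-up commit should record the firefox-esr version once it is known.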

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dla: claim firefox-esr

2018-01-24 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d9880cb by Emilio Pozuelo Monfort at 2018-01-24T10:34:19+01:00
dla: claim firefox-esr

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -13,6 +13,8 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
 --
+firefox-esr (Emilio Pozuelo)
+--
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --
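Review bot: The new "firefox-esr (Emilio Pozuelo)" entry has no NOTE line, unlike the neighbouring exiv2 and icu entries, so the file does not record when the claim was made or which issues it covers. Consider adding a dated NOTE in the same "NOTE: YYYYMMDD: ..." form the other entries use, which makes a stale claim easier to spot later.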



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d9880cbc2f39f6f101a8abe640500efef080c25


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-01-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2ceaa93 by security tracker role at 2018-01-24T09:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2017-18075
+   RESERVED
 CVE-2018-118
NOT-FOR-US: ovirt-engine
 CVE-2018-6179
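Review bot: CVE-2017-18075 is added at the top of the list with only RESERVED beneath it, with no package line, NOT-FOR-US marker or TODO. Since this comes from the automatic update, it still needs manual triage. A "TODO: check" line under the entry would make that pending work visible in the file.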
@@ -19983,8 +19985,7 @@ CVE-2017-15699
TODO: check, this is possibly specific to AMQ Interconnect as used by 
Red Hat JBoss, although based on Apache Qpid project
 CVE-2017-15698
RESERVED
-CVE-2017-15697
-   RESERVED
+CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header 
...)
NOT-FOR-US: Apache NiFi
 CVE-2017-15696
RESERVED
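Review bot: The new CVE-2017-15697 line replaces RESERVED with a description that is cut off at "...", while the "NOT-FOR-US: Apache NiFi" classification beneath it is unchanged context that was set before this text was added. It is worth reading the full description once to confirm that classification still holds now that the text is public.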
@@ -29359,8 +29360,7 @@ CVE-2017-12634 (The camel-castor component in Apache 
Camel 2.x before 2.19.4 and
NOT-FOR-US: Apache Camel
 CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 
and ...)
NOT-FOR-US: Apache Camel
-CVE-2017-12632
-   RESERVED
+CVE-2017-12632 (A malicious host header in an incoming HTTP request could 
cause NiFi ...)
NOT-FOR-US: Apache NiFi
 CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific 
plugins to ...)
NOT-FOR-US: Apache CXF



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2ceaa93d2c5f0ef18abb948b2a8033582a8fbc4
